Currently I am working on rebuilding an existing website, the old site was written in CakePHP but the new one is in Laravel.
The old users will have to be able to login with the same password as they used on the old site, but those passwords were hashed in CakePHP.
My question is:
Is there a method which would enable me use the CakePHP way of
passwordhashing in Laravel?
I have tried looking for a package that could accomplish this, but to no avail.
I had a similar issue with a migration from a Drupal site. So it should be applicable here, I'll use CakePHP from now on instead of Drupal. I don't know if you are using a package like Sentry to handle the User accounts, or if it is something homegrown.
What I ended up doing was adding a second password field (cakephp_password) to my users table which contained the imported hashed passwords.
Then during the login process, I checked if the cakephp_password field was empty or not. If it was I passed the password typed by the user through the CakePHP hash function which I added to my Class that handled the logins. I then compared the hash from the CakePHP function with the hash in cakephp_password. If the hashes matched I passed the users password through the hashing function of my laravel User management class (Sentry in my case) and added the calculated hash to the password field of the user and deleted the hash in the cakephp_password field.
Now I could just call the login process normally as for any user.
Related
Note: This is likely a duplicate question but I couldn't search for a solution/suggestion for my use case, so if anyone can re-direct me, that would be appreciated.
Problem: I have a NextJS application that runs on Prisma ORM and MySQL database. I am using NextAuth for OAuth authentication for sign up and log in.
So far the application works just fine but I want to check whether a user is logging in for the first time and redirect them to a set up page whether they would input personal details in order to populate a table on the database, so that the app can form a dynamic page based on their newly added information.
On the database, there are the user table (populated by NextAuth immediately at login) and the profile table.
Under NextAuth, the user table is populated automatically with the account's user name and email etc. However, that is not a unique entry and NextJS getStaticPath requires a unique entry to generate a dynamic page. That's why I have created the profile table to allow users to add their custom username where the dynamic URL will be generated (e.g. localhost:3000/u/[slug])
Here's my question - I want to check that the user is first time logging in and send a form for them to fill out the necessary information to input data onto the profile table, otherwise they would go straight to their profile homepage. What is the best way to check that and to redirect them to that form page?
Do I do it at server side with getServerSideProps by checking that the id from user table is missing from the profile table and do a redirect? Or is there some method that's customarily used to implement this "initial set-up" procedure?
In a self-hosted C1-CMS (formerly Composite C1), how can I reset or recover the password? Can the password be viewed or reset somewhere on the server?
(Composite C1 4.3, Build 4.3.5555.25838)
If you are using the default XML data store, the users and encrypted passwords are stored in: /App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
If you have another user with a password you know, you can replace the encrypted password string on the account you are trying to access, with the encrypted password from the account you know. Then login and change the password.
I received this answer from the official Orckestra support team (very helpful, although I am not a paying customer, thumbs up!):
You cannot recover the password, but if you have access to the files (or SQL Database, if you migrated data to SQL) you can reset the password:
This should work for sites running on XML data store (default):
Edit the file ~/App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
Locate the xml element for the user you want to reset the password for
Change the following two attributes to the shown values:
EncryptedPassword="hsfIeqkVA5yoMIwzYIx4fWny5GjwNwiM3wA5K+9qCug="
PasswordHashSalt="/zgEhlwBe6Vl0HHqMFPxafrtwqlRIGVS"
Save the file.
If your site is on SQL, locate the table Composite_Data_Types_IUser_Published and put the above shown values into the corresponding columns (EncryptedPassword and PasswordHashSalt).
You should now be able to log in using the password "123456" for the user you changed above. Once in the CMS Console, you can set a new password using the top Tools menu (top right user menu n V5 and later).
I recently had a scenario where neither of the suggested methods would work for me. I was able to remedy this by creating a c1 instance locally, creating a user with the same username and the desired password, and then overwriting the password salt and hash from the local site to the one you're locked out of.
I have an old cakephp application which requires login. I was working with the tables in phpmyadmin and I accidentally deleted the user login/password entry from the table. Now I am not able to login in the cakephp application. I tried to create a login entry in the table but I am not sure how to insert a password in it. it is not working with plain text password. I guess, app is looking for encrypted password which I don't know how to add to the table.
Either I need to disable the login from the cakephp application code and direct the user straight to the main page of the app
Or I need to encrypt the password correctly and insert it in the table.
Please help! I am not sure how to achieve either of these solutions.
Go to your Users Controller and add the actions you need to create and save a new user:
$this->Auth->allow('display','save');
so, you'll be able to anter to that controller actions without any login.
I have a CI project and want to migrate its database to the Laravel's one.
The only problem is that they have different ways of hashing user passwords and so I cannot find a way to move them from one database to another.
I have already googled for the answer but nobody I found speaks about migrating passwords.
Thanks in advance.
I have no experience with CodeIgniter and don't know how it does password hashing, but here's how I would approach the problem.
To make something clear: You can only "convert" the password to a Laravel hash if you have the actual password (in plain text). As you don't store the plain password you only have it at the moment the user logs in our enters the password somewhere.
Therefore you have to realize that this migration isn't done in a few hours. It will take some time for all your users to enter their passwords.
So what I'm getting at is you should add a field to your users table for the CodeIgniter password. Let's call it ci_password. (Or probably you just have to rename the old password column to this and create a new one for the Laravel password).
Now every time a user logs in, you first check if a Laravel password is stored in the database and attempt a log in. If there is no Laravel hash stored, check with the ci_password. (For this you will have to make CodeIgniters hashing work inside your Laravel application. Sorry can't help you with that)
If the ci_password is valid use the password input from the user and generate the Laravel hash (using Hash::make('secret')). Store the new hash in the database and delete (set to NULL) the ci_password.
This way the passwords will be migrated one by one and you have to do nothing. And maybe, on one lucky day, all old hashes will be migrated and you can remove this logic and the column in the database.
While developing my app, I suddenly can't login using Auth anymore, according to Cake, the password or username is not correct.
When I track the query, the password (hashed) that Cake is looking for is not the one that the user has. I matched the query password to the User table in MAMP.
What can be the reason of this sudden error? What can Cake make looking for another password that not exists in the user table.
all error logs are clear
I can register a user without any issue
I use everything the standard Cake way (Auth, register process etc)
Many thanks!
well, most likely, you changed the salt value in core.php or hash mehod, or both. That's the only 2 reasons the hash is different for the same password.